Congratulations! It’s very exciting that you’ve decided to become a security researcher and pick up some new skills. We’ve collected several resources below that will help you get started. Read on for our walkthrough.

Step 1) Start reading!

There are some go-to books that you can buy to help you learn the basics and essentials of penetration testing and bug hunting. Since bug bounties often include website targets, we’ll focus on getting you started with Web Hacking and later we’ll branch out.

Note ->

It's very important to focus on an area of hacking that is interesting & exciting to you. Focus on that one area and pick up new things as you go, but don’t try to be the “ultimate hacker” and learn everything. The greatest hackers on Bugcrowd have specialities and areas of interest, but they don’t know how to hack everything. Hacking is a lifelong journey of learning.

Your two go-to books are the following:

The Web Application Hacker’s HandbookThis is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.

Step 2) Practice what you’re learning!

While you’re learning it’s important to make sure that you’re also understanding and retaining what you learn. Practicing on vulnerable applications and systems is a great way to test your skills in simulated environments. These will give you an idea of what you’ll run up against in the real world.

HacksplainingThis is a great site to learn a bit more about various web hacking techniques and how they’re done. It’s actually more of a practical walk-through. Super useful!

Penetration Testing Practice LabsThis site has a massive list of practice apps and systems for several hacking scenarios. Use this list to find new testing labs and sites to practice your skills.

Step 3) Read tech write-ups and POCs (Proof of Concepts) from other hackers and watch tutorials on YouTube!

Now that you’ve got a baseline understanding of how to find and exploit security vulnerabilities, it’s time to start checking out what other hackers are finding in the wild. Luckily the security community is quite generous with sharing knowledge and we’ve collected a list of write-ups & tutorials:

Step 5) Start learning about bug bounties

Okay, now you’re at the point where it’s almost time to start hunting for bounties. But first, let’s learn how bug bounties work and how to get started, just to make sure we maximize our chances of success.

How to approach a targetAdvice from other bug hunters that will help you find more success when approaching a bug bounty.

Read the Bounty Hunter's Methodology

Step 6) Get hacking!

It’s time to start hacking! When you’re new and getting started, it’s probably best not to try hacking the most popular bug bounties out there. Trying to hack Tesla Motors, Facebook, Pinterest and others will likely end in frustration for beginners, as those companies are very popular and are more secure because they receive many bug reports.

Instead, focus on bug bounties that have likely been overlooked by others. These are often bug bounties that don’t pay rewards but instead offer kudos points on Bugcrowd. These ‘kudos points only’ programs are a fantastic way to get started with bug bounties and to show your skills to Bugcrowd. After you’ve submitted some valid bugs to Bugcrowd, even if they’re kudos rewards only, you will likely start receiving invites to private bounty programs. The private bounty programs are invitation only and restricted to a small number of people, which means less competition and a higher likelihood of successfully finding a bug.

Step 7) Always Be Learning & Networking

Like we mentioned earlier, hacking is a lifelong journey of learning. This is what makes this field so exciting! There are always new articles and presentations to learn from, interesting people to meet at conferences or local meetups, and new opportunities to pursue.

Bug bounties are a fantastic way to enter the InfoSec community and build your career. Use bug bounties as a way to make extra money, improve your skills, meet new people, and even build out your resume.

Remember, always act professional and treat people well. This is a small community and we like to take care of each other - you never know who you might meet!

If you understand a bit of HTML you can definitely start to make an impact, but I think you need at least a little bit of familiarity with javascript to level-up.

In my opinion, programming knowledge will definitely be required to get to the highest skill levels - there's some bugs that just don't make sense unless you know how a web application is put together. (e.g. sometimes you might do something and see an error output message; being able to decipher and understand that message can lead you to new bugs)

There's definitely researchers out there doing brilliant work who don't have much programming skill though, and you can always pick up those skills as you go. (Check out http://learnpythonthehardway.org/book/)

Hi Sir the above information is very usefull for me and I am more interested in this ethical hacking..and the problem is I don't have any push or support to learn ethical hacking!! Please help me to overcome from this sir!! My E-mail i d b_saran1997@hotmail.com